Users are considered the weakest link in ensuring information security (InfoSec). As a result, users' security behaviour remains crucial in many organizations. In response, InfoSec research has produced many behavioural theories targeted at explaining information security policy (ISP) compliance. Meanwhile, these theories mostly draw samples from employees often in developing countries. Such theories are not applicable to students in educational institutions since their psychological orientation with regards to InfoSec is different when compared with employees. Based on this premise, the chapter presents arguments founded on synthesis from existing literature. It proposes a students' security compliance model (SSCM) that attempts to explain predictive factors of students' ISP compliance intentions. The study encourages further research to confirm the proposed relationships using qualitative and quantitative techniques.
TopLiterature Review
The importance of organizations’ information security cannot be overemphasized. Hence, technological as well as behavioural measures are often initiated to curb the adverse effects of improper use and policy non-conformity. However, behavioural issues top the approaches in safeguarding information (Safa et al., 2016). Therefore, scholars have explored various avenues in an attempt to explain information security behaviour. Considering that human behaviour is complex and difficult to understand (Wiafe, Nakata, Moran, & Gulliver, 2011). Mostly, the factors that determine adherence to policies meant to guide security behaviour has been explored. Extant studies agree that deterrent mechanisms such as fear appeal, threat, certainty of and severity of punishment are effective in guiding people to comply with security policies (Cheng, Li, Li, Holm, & Zhai, 2013; Herath & Rao, 2009; Safa et al., 2019). Other studies have argued that concepts such as habit strength, security support, prior experiences, self-efficacy, and perceived vulnerability are more effective in explaining information security compliance (Ifinedo, 2012; Johnston & Warkentin, 2010; Tsai et al., 2016).